# [EN] Useful Tools
###### tags: `Writeup` `Web` `English`
> [name=curious]
## Train Of Thought & Solution
### Challenge 1
If you use Burp Suite to intercept the HTTP requests sent from the browser, you will see, in addition to the normal requests, a request to `/burp5u17e_ch4ll3nge`

We can put this request into the Repeater to take a closer look

You can see that the response says "Let's start the challenge!", and you may also notice a `Challenge` header in the request that is not a typical header found in HTTP requests. You can try changing the value of `Challenge` to 1 and see what happens

By doing so, you should obtain the first segment of the flag and the URL for the next challenge
> The hint provided in the challenge can also give you some ideas on how to approach it
> ```
> fetch("/???", {
> headers: {???: "???"}
> });
> document.querySelector("body").innerHTML = "...";
> ```
> `fetch` suggests that this JavaScript code will send an additional request to the server with a custom header, so you can use Burp Suite to intercept the request
> However, the challenge is designed in a way that discourages you from looking at the JavaScript code, which has been obfuscated
### Challenge 2
If you access `/cur1_ch4ll3nge` directly through a browser, you will see the message 'Do you know how to use `curl`?'. Therefore, you can try using the command `curl http://lotuxctf.com:20001/cur1_ch4ll3nge` to access this webpage

The challenge asks how to view headers using `curl`, so you can add the `-i` option to see what happens

After reading the hint provided in the challenge, you may realize that we need to find out what request methods the server supports. Luckily, there is a request method called `OPTIONS` that can be used to ask the server what methods it supports. Therefore

You can see that there is a very strange method listed. You can try sending a request using that method and see what happens

By doing so, you should be able to successfully access the next challenge
### Challenge 3
If you access `/r3que57s_ch4ll3nge` directly through a browser, you will see the message 'How to browse websites with Python?'. Therefore, you can use the Python requests library to access this webpage
```python
import requests as req

# A plain GET: print the response headers (look for Set-Cookie) and the body
r = req.get('http://lotuxctf.com:20001/r3que57s_ch4ll3nge')
print(r.headers)
print(r.text)
```
You can see that the server has verified your identity so there should be a `Set-Cookie` header to set your cookie to indicate that you are logged in. The server also states that you need to use the `POST` method to obtain sensitive information. In order to maintain your login status, you can carry the cookie that represents your identity when using `POST`. Alternatively, you can use the `requests.Session` object to automatically handle this for you
```python
import requests as req

# A Session stores the cookie set by the GET and sends it back on the POST
s = req.Session()
s.get('http://lotuxctf.com:20001/r3que57s_ch4ll3nge')
print(s.post('http://lotuxctf.com:20001/r3que57s_ch4ll3nge').text)
```
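The following is an added example, not part of the original writeup or the challenge: it runs offline against a constructed local stand-in server to show why the `POST` in Challenge 3 only succeeds when the cookie from the earlier `GET` is carried along, and what an `OPTIONS` reply as used in Challenge 2 looks like. The handler, the path `/demo`, the cookie `session=demo-token` and the response texts are assumptions made for illustration, and the standard-library `urllib` opener with a cookie jar plays the role of `requests.Session` so that nothing needs to be installed.

```python
import threading, urllib.error, urllib.request
from http.cookiejar import CookieJar
from http.server import BaseHTTPRequestHandler, HTTPServer

class Handler(BaseHTTPRequestHandler):
    """Constructed stand-in server: GET issues a cookie, POST requires it."""
    def _reply(self, code, body="", headers=()):
        self.send_response(code)
        for name, value in headers:
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body.encode())
    def do_OPTIONS(self):  # advertises the supported methods in the Allow header
        self._reply(204, headers=[("Allow", "GET, POST, OPTIONS")])
    def do_GET(self):
        self._reply(200, "verified", [("Set-Cookie", "session=demo-token; Path=/")])
    def do_POST(self):
        ok = "session=demo-token" in self.headers.get("Cookie", "")
        self._reply(200 if ok else 403, "sensitive data" if ok else "not logged in")
    def log_message(self, *args):  # keep the demo output quiet
        pass

def call(opener, url, method):
    """Send one request; return (status, headers, body) even for 4xx replies."""
    try:
        with opener.open(urllib.request.Request(url, method=method), timeout=5) as r:
            return r.status, r.headers, r.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, e.headers, e.read().decode()

def demo():
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: pick any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}/demo"
    stateless = urllib.request.build_opener()  # no cookie storage
    session = urllib.request.build_opener(     # stores and replays cookies
        urllib.request.HTTPCookieProcessor(CookieJar()))
    result = {"allow": call(stateless, url, "OPTIONS")[1].get("Allow")}
    call(stateless, url, "GET")                # cookie is received but discarded
    result["post_without_cookie"] = call(stateless, url, "POST")[0]
    call(session, url, "GET")                  # cookie lands in the jar
    status, _, body = call(session, url, "POST")
    result["post_with_cookie"] = (status, body)
    server.shutdown()
    server.server_close()
    return result

if __name__ == "__main__":
    print(demo())
```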
Putting the three flag segments together will give you the complete flag!
> Compare the results of doing sha256 with `burpsuite,_curl,_requests` and the flag